burn the bridge
I wrote some guides on #Bitcoin self-custody, censorship resistance, & privacy. Now I co-host @pod256

Jan 25, 2022, 27 tweets

1/27 A thread on setting up and securing the @FOUNDATIONdvcs Passport to self-custody #Bitcoin

- Unboxing
- Supply Chain Validation
- PIN
- Firmware
- Seed phrase
- Passphrase
- Testing backups
- Connect w/@SparrowWallet
- Multisig w/@COLDCARDwallet
- Additional features

2/27 This thread is the short version of a more detailed article which can be found on @BitcoinMagazine .com

*Keep an eye out for announcements from @FOUNDATIONdvcs, they are anticipating releasing a new version of the Passport around March 2022.

bitcoinmagazine.com/technical/how-…

3/27 UNBOXING

Tamper-evident tape seals the box, with no indication of #Bitcoin-related contents within. You will find the Passport, startup card, & stickers. The Founders edition includes a copy of the white paper. Everything needed to start is included: batteries & 2x 8GB microSD cards.

4/27 Simply remove the magnetic rear cover, insert the batteries and you're ready to scan the quick-start instructions with your mobile device or webcam for further details. The Passport measures 108 mm in length by 38 mm in width.

5/27 SUPPLY CHAIN VALIDATION

To ensure the Passport has not been tampered with in transit, a public/private key pair is used between the Passport and a publicly displayed QR code. 4 words will be generated on the Passport as a checksum.

6/27 PIN

A numeric PIN is used to secure access to the Passport. 6-12 digits is acceptable. After the initial 4 digits, two anti-phishing words are displayed. Write down the PIN & words; there is no way to recover a lost or forgotten PIN.

7/27 FIRMWARE

Keep the Passport up to date for new features, quality of life improvements, security & bug patches. Check the current version in "Settings>Firmware>Current Version" against the displayed version in the docs: docs.foundationdevices.com/en/firmware-up…

8/27 Download the latest firmware, save to microSD. The card will stick out half way. The Passport will only allow firmware to be installed if it has been signed by at least 2 of 4 Foundation developer keys. Full guide demonstrates self-verification.

9/27 SEED PHRASE

The Passport is going to generate 24 English words that make up the seed phrase. It is a human-readable representation of the signing key for your #bitcoin. The seed is sensitive & should be regarded like cash, gold, or jewelry. Full guide covers written words.

10/27 By default, Passport will encrypt & save them to the microSD. The seed phrase can then be decrypted with a password that the Passport will generate. This password is 6 English words. Secure this password, both the file & password are necessary to expose the seed.

11/27 PASSPHRASE

A passphrase adds an extra layer of security to your #Bitcoin wallet. It is additional required info to access your private key. It can be thought of as a "25th word" at the end of the seed phrase. Without the passphrase, the #bitcoin will not be accessible.

12/27 Passphrases can contain any combination of special characters, lower case letters, upper case letters or numbers, easy-to-remember phrases, or even a random high-entropy string of characters.

13/27 Once the passphrase is applied a "P" shield will appear. This is now a totally different wallet than the one you initially logged into. A "fingerprint" is used to identify & ensure the passphrase is entered correctly.

14/27 TESTING BACKUPS

Do not deposit #bitcoin to your new wallet without testing your backups. This means double checking your work, deleting your seed phrase from the Passport, and restoring from your backup whether encrypted file or written words.

15/27 CONNECT w/@SparrowWallet

Sparrow is a desktop #Bitcoin wallet designed to be connected with your own node. It is a user-friendly wallet with many advanced features that enable you to monitor your air gapped Passport balance, generate addresses & create txs.

16/27 Passport can export the watch-only XPUB information via QR code or microSD, both are covered in the full guide.

17/27 You can build a transaction in @SparrowWallet then display it as an animated series of QR codes that you can scan with the Passport to sign, then pass it back. Since Sparrow is connected to your own node, you can then broadcast the signed tx to the #Bitcoin network.

18/27 MULTISIG

This is a way to secure your #bitcoin so that signatures from multiple devices are required, like 2-of-3. Using hardware wallets from different manufacturers can mitigate unforeseen vulnerabilities or attack vectors that may be present in one but not another.

19/27 In the demo, @SparrowWallet, @COLDCARDwallet, & @FOUNDATIONdvcs Passport are used. This means one of the cosigners is a hot wallet; you may want to use all air gapped devices.

A new wallet was generated in Sparrow for the first keystore:

20/27 Then a fresh XPUB from @COLDCARDwallet was imported for the 2nd keystore by navigating to "Settings > Multisig Wallets > Export XPUB". This was transferred via microSD, keeping the ColdCard air gapped.

21/27 The 3rd keystore was imported via QR code from the Passport by navigating to "Pair Wallet > Sparrow > Multisig > QR Code".

22/27 With the 3 keystores imported, deposits can be made to the new multisig wallet via the @SparrowWallet interface. Then to spend, the tx can be built in Sparrow and even signed by Sparrow in this case for 1 of the 2 sigs, but the hardware wallets were used instead.

23/27 First the built tx was saved to microSD and passed to the @COLDCARDwallet, signed, then passed back to Sparrow all air gapped.

24/27 Second, the tx with 1 sig was displayed in Sparrow via animated QR code and scanned with the Passport for the 2nd sig.

25/27 Once signed, the Passport displayed the QR codes for Sparrow to scan. Then the tx could be broadcast to the #Bitcoin network. You can monitor BitcoinCore, @SparrowWallet, or your preferred block explorer like @mempool for confirmations.

26/27 There is more information that is required for backups with multisig, so be sure you double check your work and test your backups. Then think about how you will distribute this information.

27/27 There are additional features in the Passport like:

Screen brightness, auto shutdown, change PIN, BTC units, sign a text file, or import your own public key for firmware builds.

Check out @FOUNDATIONdvcs to learn more.

foundationdevices.com
